
Harden internet router

sushil
Level 1

Hi,

I want to harden my internet router.

Any link on this?

I checked a few links and found out that RFC 1918, 3380 addresses are to be blocked on the external int.

There is one entry like

access-list 101 deny ip host 0.0.0.0 any

&

access-list 101 deny ip host 255.255.255.255 any

What is this host in the command? My internet router or something else? What should I use here?

And how will these ACLs work?

Reg,

Sushil

6 Replies

Jon Marshall
Hall of Fame

Sushil

host 0.0.0.0 & host 255.255.255.255 are host addresses you should never see, so you are safe to deny them.

There are some very good papers on hardening devices; have a look at these two:

1) Cisco document on hardening routers

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml

2) A non-Cisco doc from the sans.org website.

http://www.sans.org/reading_room/whitepapers/firewalls/cisco_router_hardening_stepbystep_794?show=794.php&cat=firewalls

Jon

Thanks Jon for your response.

Hey Jon,

Thanks for the link. Check out this proviso: "Reposting is not permitted without express written permission."

He he he ...

Joseph W. Doherty
Hall of Fame

Not as good as some of the links the other posters provided, however you might also want to try SDM's (Cisco Router and Security Device Manager) security audit against your router (if your device is supported).

More info: http://www.cisco.com/en/US/products/sw/secursw/ps5318/index.html

Hi,

Can someone help on how to harden or secure a switch which is connected to the Internet?

Multiple ISP links are terminated on the switch...